From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2155) id 1979C3858D37; Mon, 17 Aug 2020 09:45:05 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1979C3858D37 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Corinna Vinschen To: newlib-cvs@sourceware.org Subject: [newlib-cygwin] libm/stdlib: don't read past source in nano_realloc X-Act-Checkin: newlib-cygwin X-Git-Author: Keith Packard via Newlib X-Git-Refname: refs/heads/master X-Git-Oldrev: 70d02aaca6ca4aa8990c673b2b0d2220ae813ee4 X-Git-Newrev: ce4044adeebfdc60714d3a35f67ba536edb55612 Message-Id: <20200817094505.1979C3858D37@sourceware.org> Date: Mon, 17 Aug 2020 09:45:05 +0000 (GMT) X-BeenThere: newlib-cvs@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Newlib GIT logs List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Aug 2020 09:45:05 -0000 https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=ce4044adeebfdc60714d3a35f67ba536edb55612 commit ce4044adeebfdc60714d3a35f67ba536edb55612 Author: Keith Packard via Newlib Date: Thu Aug 13 17:19:01 2020 -0700 libm/stdlib: don't read past source in nano_realloc Save the computed block size and use it to avoid reading past the end of the source block. Signed-off-by: Keith Packard Diff: --- newlib/libc/stdlib/nano-mallocr.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/newlib/libc/stdlib/nano-mallocr.c b/newlib/libc/stdlib/nano-mallocr.c index 9c59cff73..3970753a9 100644 --- a/newlib/libc/stdlib/nano-mallocr.c +++ b/newlib/libc/stdlib/nano-mallocr.c @@ -466,6 +466,7 @@ void * nano_realloc(RARG void * ptr, malloc_size_t size) { void * mem; chunk * p_to_realloc; + malloc_size_t old_size; if (ptr == NULL) return nano_malloc(RCALL size); 
@@ -477,13 +478,14 @@ void * nano_realloc(RARG void * ptr, malloc_size_t size) /* TODO: There is chance to shrink the chunk if newly requested * size is much small */ - if (nano_malloc_usable_size(RCALL ptr) >= size) + old_size = nano_malloc_usable_size(RCALL ptr); + if (old_size >= size) return ptr; mem = nano_malloc(RCALL size); if (mem != NULL) { - memcpy(mem, ptr, size); + memcpy(mem, ptr, old_size); nano_free(RCALL ptr); } return mem;
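Review bot: In the second hunk, `memcpy(mem, ptr, old_size)` stays inside the new allocation only because the early `if (old_size >= size) return ptr;` guarantees `old_size < size` by the time the copy runs, and nothing in the code states that invariant. A one-line comment above the memcpy would keep the bound visible if the TODO about shrinking chunks is ever implemented and that early return changes; a more defensive form would copy the smaller of `old_size` and `size`. Note also that `old_size` comes from `nano_malloc_usable_size`, so the copy length is the old chunk's usable size rather than the size the caller originally requested; that is within the source block, which is the point of the fix, but it deserves a mention in the same comment. Separately, the subject prefix reads `libm/stdlib` while the only file touched is `newlib/libc/stdlib/nano-mallocr.c`.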